Upload
marsha-baldwin
View
215
Download
1
Tags:
Embed Size (px)
Citation preview
The Biometric Foundation
Biometrics – Standards ActivitiesNational Defense Industrial Association
19th Annual Security SymposiumReston, VirginiaJune 19, 2003
The Biometric Foundation
Do We Need Biometrics?
• Significant Population Increase• Fewer Human Safeguards• E-Commerce, PC Banking• Increased “Identity Theft”• Increased Fraud• Too Many PINS & Passwords• Need for Improved Physical / Logical Access
Control
The Biometric Foundation
Biometric Technology Methods
• Fingerprints• Voice • Facial • Iris• Retina• Signature Dynamics• Hand Geometry• Skin Spectroscopy
• Thermal (Face)• Vein Patterns
(Hand)• Finger Geometry• Stride Recognition• DNA• Keystroke Dynamics• Body Odor
The Biometric Foundation
Biometric Issues
• Need for ANSI / ISO standards• Technology Has Strong “Big Brother” Implications• Real Concerns are About the Data• Technology is Not Finite (Voodoo)• High Profile Cases of Poor Implementation• Change in Behavior• Mission Creep• Fear of the Unknown
The Biometric Foundation
Enhanced Border Security Act….
“It requires every foreign visitor desiring entrance into the United States to carry a travel document containing biometric identification -- that would be fingerprints or facial recognition -- that will enable us to use technology to better deny fraudulent entry into America.”
George W. Bush
May 14, 2002
The Biometric Foundation
Biometrics on the Border• Face and Finger biometrics readily address
legacy data issues• Int’l. Civil Aviation Organization (ICAO) (9303)
recommends face, finger or iris methods in travel documents
• November 2002 - GAO Report (GAO-02-952) on the use of Biometrics and Border Security
• January 2003 - NIST Report (303a) supports the use of face and finger biometrics on border
The Biometric Foundation
Biometric ID Issues
• Develop Application Profiles
• Provide for Portability to Various Cards
• Support Multiple Storage Mediums
• Maintain Customer Selection of Various Biometric Technologies
• Insure Interoperability
The Biometric Foundation
Biometric Civil ID
• Improve Enrollment Process
• Establish Minimal Standards
• Utilize Multiple Biometrics
• Mandate Use in Critical Applications
• Permit Opt-in Programs for Less Critical
The Biometric Foundation
Government Initiatives
• Common Access Card (CAC) (DOD)
• Transportation Worker Identification Card (TWIC) (TSA)
• US VISIT (Visas) (DHS / DOS)
• Smart Access / Common ID (GSA)
The Biometric Foundation
Smart Cards and Biometrics
• NSA “Tokeneer” model• Addresses CA matrix• Various Enrollment /
Authentication Scenarios• Construct Similar to X.509
Public Key Certificate• Adopted for GSA Smart
Access / Common ID
The Biometric Foundation
• Established in Nov. 2001 by the E-Board of INCITS.
• Ensures a high priority, focused, and comprehensive approach in the US for the rapid development and approval of formal generic biometric standards.
• Accelerates the deployment of significantly better, open systems standard-based security solutions for purposes such as homeland defense and the prevention of ID theft.
• Develops necessary standards to enable interoperability and data interchange between applications and systems.
M1- Biometrics (US)
The Biometric Foundation
M1- Biometrics (US)
• Legislative accelerants: Public Law 107-71 - Aviation and Transportation Security Public Law 107-56 - “The USA Patriot Act” Public Law 107-173 – “Enhanced Border Security Act”
• Goals:• Elevate consortia standards (e.g., BioAPI and CBEFF) to
national and international voluntary consensus standards.
• Develop critical biometric standards such as Common File Formats, Application Programming Interfaces, biometric data formats (e.g., templates, image formats), Application Profiles and methodologies for conformity assessment.
The Biometric Foundation
M1- Biometrics (US)
• Meetings: January/May/August/December 2002/ + March/June 2003
• Officers: Fernando Podio, Chairman Cathy Tilton, International Representative Colin Soutar, Vice Chairman Steve Elliot, Secretary
• M1 is the Technical Advisory Group (TAG) to JTC 1 SC37.• M1 Web Site: www.incits.org/tc_home/m1.htm• M1 Document Register:
www.incits.org/tc_home/m1htm/docs/m1docreg.htm
The Biometric Foundation
M1- Biometrics (US)
Current Structure
Ad-Hoc Group on Biometric Application Profiles
Ad-Hoc Group on Biometric Data Interchange Formats
Ad-Hoc Group on Biometric Interoperability
in Support of the Gov. Smart Card Framework
Ad-Hoc Group on Biometric Performance Testing,
Quality, and Definitions
The Biometric Foundation
M1- Biometrics (US)
Standards Under Development
Application ProfileVerification & Identification of Transportation Workers
Application ProfilePersonal Identification for
Border Management
Application ProfileBiometric Verification
in Point-of-Sale Systems
Finger Minutiae Format for Data Interchange
Finger Pattern-BasedInterchange Format
Face Recognition Formatfor Data Interchange
Finger ImageInterchange Format
Iris Image Format forData Interchange
The Biometric Foundation
www.biometrics.org www.nist.gov/bcwg
www.bioapi.org
www.ibia.org www.biometricfoundation.org
www.nist.gov/cbeffwww.itl.nist.org
M1 Biometrics Standards Incubators
The Biometric Foundation
• Recently established by JTC 1 (June 2002).• Scope:
“Standardization of generic biometric technologies to support interoperability and data interchange between applications and systems”.
“Generic biometric standards include: common file formats; application programming interfaces (APIs); biometric templates; template protection techniques; and related application / implementation profiles, as well as methodologies for conformity assessment.
Subcommittee 37 (SC37)Biometrics
The Biometric Foundation
INCITS 358 (BioAPI V1.1 Spec), Biometric API for Java Card
Transportation Workers, Border Management, Point-of-Sale
Fingerprint Minutiae-Based, Finger Pattern-Based, Face
Landmarks, Iris Image, Finger Image
Biometric Data
Formats
Common Biometric Framework Formats
Biometric APIs
Application Profiles for ID
and Verification
Augmented Version of CBEFF (NISTIR 6529) under development in NIST/BC WG
SC37 Scope of Work
Derived from Colin Soutar’s Onion View on Biometrics Standardization
Methodologies for Conformity Assessment, Performance
Testing, Quality, Vocabulary, Template Protection
The Biometric Foundation
• An international formal standards forum able to:Meet the need for an international standards environment
to coalesce a wide range of interests among IT and biometric industry and users of biometric-based solutions for multiple Identification and Verification applications.
Develop biometric data interchange and interoperability standards for use in multiple applications.
Provide the most efficient approach for the utilization of biometric experts’ time.
Establish strong liaison with other ISO/IEC TCs (i.e., TC68) and JTC 1 SCs (i.e., SC17 and SC27).
Subcommittee 37 (SC37)Biometrics
The Biometric Foundation
• Status:Secretariat: US (ANSI will perform secretariat duties).Chairman: Fernando Podio, NISTFirst SC37 Plenary meeting:
o December 11 –13, 2002, Orlando, FL, U.S.A.o Hosted by the US.o Delegates from 18 member countries participate.
• Web site: www.jtc1.org (select SC37).
Subcommittee 37 (SC37)Biometrics
The Biometric Foundation
• US TAG (INCITS M1) anticipates submitting the following proposals for New Work Items (projects) and their corresponding technical contributions (Working Drafts): Application Profile Verification & Identification of
Transportation Workers Application Profile Personal identification for Border
Management Application Profile Biometric Verification in POS Systems Finger Pattern-Based Interchange Format Finger Minutiae Format for Data Interchange Face Recognition Format for Data Interchange Finger Image Interchange Format Iris Image Format for Data Interchange Harmonized Vocabulary
Subcommittee 37 (SC37)Biometrics
The Biometric Foundation
• Other US technical contributions for SC37 consideration of further processing:
Standardized definitions of biometric “system” performance measurements and standardized test procedures.
Biometric API for Java Cards (TM) – M1 ballot planned upon acceptance and approval of this specification by NIST/BC Biometric WG.
Biometric Template Protection and Usage specification as a technical contribution to SC37 for consideration of further processing (upon approval of NIST/BC Biometric WG and M1 ballot).
Subcommittee 37 (SC37)Biometrics
The Biometric Foundation
• US technical contributions to address suitability of the JTC 1 fast track process and US interest in submitting these standards to JTC 1 for fast track processing and placement in JTC 1 SC 37:
Contribution of ANSI/INCITS 358, BioAPI V1.1 Specification.
Contribution of the Augmented Version of CBEFF (Common Biometric Framework Format) NISTIR-6529-A Upon Approval of the NIST/BC Biometric WG.
• Technical contributions from other SC37 member countries are expected in the near future.
Subcommittee 37 (SC37)Biometrics
The Biometric Foundation
Developing Standards
• ANSI/NSIT 358 BioAPI (US Standard proposed to ISO)
• NISTIR 6529 Common Biometric Exchange File Format (Proposed US and ISO standard)
• Border Crossing AP (scheduled final ballot for ANSI standard in August 2003)
• Transportation Worker Identification Card (TWIC) AP (scheduled final ballot for ANSI in August 2003)
The Biometric Foundation
Into the Future…
• Need to ensure that standards activities continue to move full-force to enable widespread adoption
• Need to provide our expertise to customers to help them comply with legislation and standards
• Need to ensure that we do whatever it takes to meet deadlines…
The Biometric Foundation
Biometric Industry Efforts
Biometric Consortium
www.biometrics.org
International Biometrics Industry Association
www.ibia.org
The Biometric Foundation
www.biometricfoundation.org
InterNational Committee for Information Technology Standards
www.incits.org
The Biometric Foundation
Contact Information
M. Paul Collier
Executive Director
The Biometric Foundation
601 13th Street, NW, Suite 370-S
Washington, DC 20005
301-990-9404 (Direct Phone)
301-990-9405 (Direct Fax)
WEB: www.biometricfoundation.org